PT-2022-4918 · Swtpm+6

Stefanberger · Published 2022-02-18 · Updated 2024-06-15 · CVE-2022-23645

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

swtpm versions prior to 0.5.3
swtpm versions prior to 0.6.2
swtpm versions prior to 0.7.1

Description

The issue is related to an out-of-bounds read in the swtpm TPM emulator. This can be caused by a specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, leading to an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood.

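An added example, not swtpm's code and not part of the original advisory: one way a state-blob parser can validate a header-size field against the bytes actually read before using it as an offset. The struct layout, field widths, big-endian byte order, and the names blob_header, blob_get_payload and check_sample are assumptions made for illustration.

```c
#include <arpa/inet.h>   /* ntohs, ntohl */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified state-blob header; not swtpm's own definition.
 * Assumed: multi-byte fields are stored big-endian. */
struct blob_header {
    uint8_t  version;
    uint8_t  min_version;
    uint16_t hdrsize;  /* offset of the payload from the start of the blob */
    uint16_t flags;
    uint32_t totlen;   /* header plus payload, in bytes */
} __attribute__((packed));

/* Returns 0 and sets payload/payload_len only if every size field agrees
 * with the number of bytes actually available; returns -1 otherwise. */
int blob_get_payload(const uint8_t *buf, size_t buflen,
                     const uint8_t **payload, size_t *payload_len)
{
    struct blob_header hdr;

    if (buf == NULL || buflen < sizeof(hdr))
        return -1;                    /* too short to hold a header */
    memcpy(&hdr, buf, sizeof(hdr));   /* copy out: buf may be unaligned */
    size_t hdrsize = ntohs(hdr.hdrsize);
    size_t totlen = ntohl(hdr.totlen);

    if (hdrsize < sizeof(hdr) || hdrsize > buflen)
        return -1;                    /* payload offset outside the blob */
    if (totlen != buflen)
        return -1;                    /* declared length disagrees with data */

    *payload = buf + hdrsize;
    *payload_len = buflen - hdrsize;
    return 0;
}

/* Constructed 16-byte sample blob with a caller-chosen hdrsize.
 * Returns the payload length, or -1 if the blob is rejected. */
int check_sample(uint16_t hdrsize)
{
    uint8_t blob[16] = { 2, 1, 0, 0, 0, 0, 0, 0, 0, 16 };
    const uint8_t *p;
    size_t n;
    blob[2] = (uint8_t)(hdrsize >> 8);
    blob[3] = (uint8_t)(hdrsize & 0xff);
    if (blob_get_payload(blob, sizeof(blob), &p, &n) != 0) return -1;
    return (int)n;
}
```

Rejecting the blob at load time turns a malformed state file into a clean startup error instead of a read past the end of the buffer.
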
Recommendations

To resolve the issue, users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2022:8100
ALSA-2022_8100
ALT-PU-2022-1561
BDU:2022-06088
CESA-2022_7472
CVE-2022-23645
GHSA-2QGM-8XF4-3HQW
MGASA-2022-0112
OESA-2022-1576
OESA-2022-2049
OPENSUSE-SU-2022_1297-1
OPENSUSE-SU-2024:11870-1
RHSA-2022:7472
RHSA-2022:8100
RHSA-2022_7472
RHSA-2022_8100
RLSA-2022:7472
SUSE-SU-2022:1297-1
SUSE-SU-2022_1297-1

Affected Products

Alt Linux
Almalinux
Centos
Red Hat
Rocky Linux
Suse
Swtpm